CN114615046B - Administrator double-factor authentication method based on national secret certificate - Google Patents
- Publication number: CN114615046B
- Application number: CN202210223946.9A
- Authority: CN (China)
- Prior art keywords: administrator, encryption, certificate, equipment, security
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
The invention relates to an administrator two-factor authentication method based on a national cryptographic certificate, comprising the following steps. The device is initialized to generate the national cryptographic certificates, which comprise an encryption certificate CertB of the secure encryption device and a signature certificate CertA of administrator A. Administrator A then uses the national cryptographic certificate to log in to the secure encryption device: after administrator A and secure encryption device B establish an SSL connection, administrator A sends a request to log in to secure encryption device B; secure encryption device B generates a random number R_B and sends its encryption certificate CertB to administrator A; after receiving the encryption certificate CertB, administrator A encrypts TokenAB, namely R_A || sSA; after receiving the encrypted TokenAB, secure encryption device B performs decryption, signature verification, and a consistency comparison of the user name and password. The invention lets an administrator log in to the secure encryption device with a national cryptographic certificate through a standard browser, which both achieves two-factor authentication and improves the security strength of the administrator's login to the device.
Description
Technical Field
The invention relates to the technical field of information security, and in particular to an administrator two-factor authentication method based on a national cryptographic certificate.
Background
With cyber-attack threats on the rise, a secure encryption device is one of the indispensable network devices for protecting an organization's own network environment. The secure encryption device mainly acts as a protective barrier between the internal and external networks, blocking unsafe network factors from reaching computers, but it is itself also a target of network attacks.
Enterprises that deploy secure encryption devices need full-time administrators to manage and configure them. In most cases the administrator authenticates to the secure encryption device with a user name and password. A network attacker who brute-forces the administrator's password can log in to the device, tamper with its configuration, and cause deeper damage. To strengthen administrator authentication, single-factor user name/password authentication is no longer used, and two-factor authentication is adopted instead. Two-factor authentication modes include certificate authentication, OTP tokens, SMS authentication and the like.
An administrator logs in to the secure encryption device over HTTPS, with the SSL protocol encrypting and protecting the data. The SSL protocol itself can perform certificate authentication, which is one form of two-factor authentication.
There are two kinds of SSL certificate authentication: international certificate authentication and national cryptographic certificate authentication. International certificate authentication uses the international protocol, and authentication is completed with international algorithms during the SSL connection. National cryptographic certificate authentication uses the national cryptographic protocol, and the SSL connection uses the suite of national cryptographic algorithm standards (SM1/SM2/SM3/SM4).
Standard browsers support only the international SSL protocol and SSL certificate authentication based on international certificates; they do not support the national cryptographic SSL protocol based on national cryptographic certificates. That is, a standard browser cannot support an administrator logging in to the secure encryption device with SSL two-factor authentication using a national cryptographic certificate. International certificates usually use the RSA algorithm (2048 bits). National cryptographic certificates currently use an ECC algorithm, which was issued by the State Cryptography Administration in 2010 and is a public-key cryptographic algorithm independently designed in China; based on elliptic curve cryptography theory, its encryption strength is higher than that of the RSA algorithm (2048 bits).
Disclosure of Invention
The invention aims to provide an administrator two-factor authentication method based on a national cryptographic certificate that lets an administrator log in to a secure encryption device with a national cryptographic certificate through a standard browser, which both achieves two-factor authentication and improves the security strength of the administrator's login to the device.
The invention provides an administrator two-factor authentication method based on a national cryptographic certificate, comprising the following steps:
The device is initialized to generate the national cryptographic certificates, which comprise an encryption certificate CertB of the secure encryption device and a signature certificate CertA of administrator A;
Administrator A logs in to the secure encryption device with the national cryptographic certificate as follows:
Step 1, after administrator A and secure encryption device B establish an SSL connection, administrator A sends a request to log in to secure encryption device B;
Step 2, secure encryption device B generates a random number R_B and sends its encryption certificate CertB to administrator A;
Step 3, after receiving the encryption certificate CertB, administrator A performs the following operations:
1) Generates a random number R_A;
2) Signs the random number R_A, the random number R_B, the user name and the password using the administrator signature certificate CertA to obtain sSA;
3) Encrypts TokenAB, namely R_A || sSA, with the public key of the CertB encryption key pair of secure encryption device B;
4) Sends the encrypted TokenAB to secure encryption device B;
Step 4, after receiving the encrypted TokenAB, secure encryption device B performs the following operations:
(1) Secure encryption device B decrypts TokenAB with the private key of the encryption key pair to obtain R_A || sSA;
(2) Secure encryption device B verifies the signature sSA with the public key of administrator A's signing key pair stored in the device; on success it obtains the random number R_A, the random number R_B, the user name and the password;
(3) Secure encryption device B compares the R_A obtained by decryption with the R_A obtained in the signature verification, and compares the R_B it generated with the R_B obtained in the signature verification; if both match, the check passes, otherwise it fails and an error is reported;
(4) Secure encryption device B compares the user name and password obtained in the signature verification with the user name and password stored in the device; if they match, the login succeeds, otherwise the login fails;
(5) Secure encryption device B returns a login success/failure message to administrator A.
Further, the method also comprises: after administrator A logs in successfully, the administrator's signature certificate is updated.
With this scheme, the administrator two-factor authentication method based on a national cryptographic certificate has the following technical effects:
1) The administrator uses the national cryptographic certificate for two-factor authentication and logs in to the secure encryption device on top of the international SSL protocol; the SSL connection still uses the international protocol, so a standard browser can access the secure encryption device using the national cryptographic certificate.
2) The administrator uses a national cryptographic signature certificate, which ensures the integrity, anti-forgery and non-repudiation of the administrator's authentication data; the national cryptographic signature certificate uses an ECC algorithm, whose encryption strength is higher than that of the RSA algorithm used by international certificates.
The foregoing is only an overview of the present invention, intended to give a better understanding of it; preferred embodiments of the invention are described in detail below with reference to the accompanying drawings.
Drawings
Fig. 1 is a flow chart of an administrator double factor authentication method based on a national cryptographic certificate of the present invention.
Detailed Description
The following describes in further detail the embodiments of the present invention with reference to the drawings and examples. The following examples are illustrative of the invention and are not intended to limit the scope of the invention.
Referring to Fig. 1, the present embodiment provides an administrator two-factor authentication method based on a national cryptographic certificate.
First, the device is initialized, that is, the national cryptographic certificates are generated: the encryption certificate CertB of the secure encryption device and the signature certificate CertA of administrator A. Administrator A then logs in to the secure encryption device with the national cryptographic certificate as follows:
1. After administrator A establishes an SSL connection with the secure encryption device, administrator A sends a request to log in to secure encryption device B.
2. Secure encryption device B generates a random number R_B and sends the encryption certificate CertB of the secure encryption device to administrator A.
3. After receiving the information, administrator A performs the following operations:
1) Generates a random number R_A.
2) Signs the random number R_A, the random number R_B, the user name and the password using the administrator signature certificate CertA to obtain sSA.
3) Encrypts TokenAB, i.e., R_A || sSA, with the public key of the CertB encryption key pair of secure encryption device B.
4) Sends the encrypted TokenAB to secure encryption device B.
4. After receiving it, secure encryption device B performs the following operations:
1) Secure encryption device B decrypts TokenAB with the private key of the encryption key pair to obtain R_A || sSA.
2) Secure encryption device B verifies the signature sSA with the public key of administrator A's signing key pair stored in the device. On success it obtains the random number R_A, the random number R_B, the user name and the password.
3) Secure encryption device B compares the R_A obtained by decryption with the R_A obtained in the signature verification, and compares the R_B it generated with the R_B obtained in the signature verification; if both match, the check passes, otherwise it fails and an error is reported.
4) Secure encryption device B compares the user name and password obtained in the signature verification with those stored in the device; if they match, the login succeeds, otherwise the login fails.
Secure encryption device B returns a login success/failure message to administrator A. After administrator A logs in successfully, the administrator's signature certificate can be updated.
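The signing in step 3 and the device-side checks in step 4 (items 2 to 4) are shown below as an added Go example that is not part of the patent. Assumptions: ECDSA P-256 stands in for the SM2 signature, JSON is a made-up encoding for TokenAB, sSA carries the signed fields alongside the signature, and the encryption of TokenAB under CertB is left out, so `Login` takes the already-decrypted token; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

// Assumed stand-ins: ECDSA P-256 replaces the SM2 signature, and JSON is a
// made-up encoding; the patent fixes neither an encoding nor field sizes.
type body struct { // fields administrator A signs (step 3, item 2)
	RA, RB     []byte
	User, Pass string
}

// token is the decrypted TokenAB = R_A || sSA, with sSA = Body plus Sig.
type token struct{ RA, Body, Sig []byte }

// Device is secure encryption device B.
type Device struct {
	adminPub *ecdsa.PublicKey // A's signing public key, stored at initialization
	user     string
	passHash [32]byte // stand-in for a salted password hash
	rB       []byte   // outstanding challenge, nil when none
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // no entropy or encoding bug: refuse to continue
	}
	return v
}

// Challenge is step 2: a fresh R_B for each login request.
func (d *Device) Challenge() []byte {
	d.rB = make([]byte, 32)
	must(rand.Read(d.rB))
	return d.rB
}

// AdminToken is step 3, items 1-2: it returns TokenAB before encryption.
func AdminToken(sk *ecdsa.PrivateKey, rB []byte, user, pass string) []byte {
	rA := make([]byte, 32)
	must(rand.Read(rA))
	signedFields := must(json.Marshal(body{rA, rB, user, pass}))
	h := sha256.Sum256(signedFields)
	sig := must(ecdsa.SignASN1(rand.Reader, sk, h[:]))
	return must(json.Marshal(token{rA, signedFields, sig}))
}

// Login is step 4, items 2-4, applied to the already-decrypted TokenAB.
func (d *Device) Login(tokenAB []byte) error {
	rB := d.rB
	d.rB = nil // assumption: one attempt consumes the challenge
	var t token
	var b body
	if json.Unmarshal(tokenAB, &t) != nil {
		return errors.New("malformed TokenAB")
	}
	h := sha256.Sum256(t.Body)
	if !ecdsa.VerifyASN1(d.adminPub, h[:], t.Sig) || json.Unmarshal(t.Body, &b) != nil {
		return errors.New("signature invalid") // item 2: verify before parsing
	}
	// Item 3: outer R_A equals signed R_A; signed R_B is this device's challenge.
	if len(rB) != 32 || subtle.ConstantTimeCompare(t.RA, b.RA) != 1 ||
		subtle.ConstantTimeCompare(rB, b.RB) != 1 {
		return errors.New("nonce mismatch")
	}
	ph := sha256.Sum256([]byte(b.Pass)) // item 4
	if b.User != d.user || subtle.ConstantTimeCompare(ph[:], d.passHash[:]) != 1 {
		return errors.New("bad credentials")
	}
	return nil
}

// NewDemo builds device B and A's signing key from constructed sample data.
func NewDemo() (*Device, *ecdsa.PrivateKey) {
	sk := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	return &Device{adminPub: &sk.PublicKey, user: "admin",
		passHash: sha256.Sum256([]byte("demo-password"))}, sk
}

func main() {
	d, sk := NewDemo()
	tok := AdminToken(sk, d.Challenge(), "admin", "demo-password")
	fmt.Println("fresh token:   ", d.Login(tok))
	d.Challenge()
	fmt.Println("replayed token:", d.Login(tok))
}
```

Because R_B sits inside the signed fields, a captured token fails the item 3 comparison against any later challenge even though its signature is still valid.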
The administrator two-factor authentication method based on a national cryptographic certificate has the following technical effects:
1) The administrator uses the national cryptographic certificate for two-factor authentication and logs in to the secure encryption device on top of the international SSL protocol; the SSL connection still uses the international protocol, so a standard browser can access the secure encryption device using the national cryptographic certificate.
2) The administrator uses a national cryptographic signature certificate, which ensures the integrity, anti-forgery and non-repudiation of the administrator's authentication data; the national cryptographic signature certificate uses an ECC algorithm, whose encryption strength is higher than that of the RSA algorithm used by international certificates.
The above describes only preferred embodiments of the present invention and is not intended to limit it. Those skilled in the art can make several improvements and modifications without departing from the technical principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (2)
1. An administrator two-factor authentication method based on a national cryptographic certificate, characterized by comprising the following steps:
The device is initialized to generate the national cryptographic certificates, which comprise an encryption certificate CertB of the secure encryption device and a signature certificate CertA of administrator A;
Administrator A logs in to the secure encryption device with the national cryptographic certificate as follows:
Step 1, after administrator A and secure encryption device B establish an SSL connection, administrator A sends a request to log in to secure encryption device B;
Step 2, secure encryption device B generates a random number R_B and sends its encryption certificate CertB to administrator A;
Step 3, after receiving the encryption certificate CertB, administrator A performs the following operations:
1) Generates a random number R_A;
2) Signs the random number R_A, the random number R_B, the user name and the password using the administrator signature certificate CertA to obtain sSA;
3) Encrypts TokenAB, namely R_A || sSA, with the public key of the CertB encryption key pair of secure encryption device B;
4) Sends the encrypted TokenAB to secure encryption device B;
Step 4, after receiving the encrypted TokenAB, secure encryption device B performs the following operations:
(1) Secure encryption device B decrypts TokenAB with the private key of the encryption key pair to obtain R_A || sSA;
(2) Secure encryption device B verifies the signature sSA with the public key of administrator A's signing key pair stored in the device; on success it obtains the random number R_A, the random number R_B, the user name and the password;
(3) Secure encryption device B compares the R_A obtained by decryption with the R_A obtained in the signature verification, and compares the R_B it generated with the R_B obtained in the signature verification; if both match, the check passes, otherwise it fails and an error is reported;
(4) Secure encryption device B compares the user name and password obtained in the signature verification with the user name and password stored in the device; if they match, the login succeeds, otherwise the login fails;
(5) Secure encryption device B returns a login success/failure message to administrator A.
2. The administrator two-factor authentication method based on a national cryptographic certificate of claim 1, further comprising: after administrator A logs in successfully, the administrator's signature certificate is updated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210223946.9A CN114615046B (en) | 2022-03-07 | 2022-03-07 | Administrator double-factor authentication method based on national secret certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114615046A CN114615046A (en) | 2022-06-10 |
CN114615046B true CN114615046B (en) | 2024-04-30 |
Family
ID=81860788
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210223946.9A Active CN114615046B (en) | 2022-03-07 | 2022-03-07 | Administrator double-factor authentication method based on national secret certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114615046B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN114615046A (en) | 2022-06-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |